Class: Ace::Git::Secrets::Organisms::ReleaseGate

Inherits:

Object

• Object
• Ace::Git::Secrets::Organisms::ReleaseGate

Defined in:

lib/ace/git/secrets/organisms/release_gate.rb

Overview

Pre-release security gate Blocks releases if tokens are detected in history

Requires gitleaks to be installed: brew install gitleaks

Instance Attribute Summary

• #scanner ⇒ Object readonly

  Returns the value of attribute scanner.

• #strict_mode ⇒ Object readonly

  Returns the value of attribute strict_mode.

Instance Method Summary

• #check ⇒ Hash

  Run pre-release security check.

• #format_result(result, format: "table") ⇒ String

  Format result for CI output.

• #initialize(repository_path: ".", gitleaks_config: nil, strict: false, exclusions: nil) ⇒ ReleaseGate constructor

  A new instance of ReleaseGate.

Constructor Details

#initialize(repository_path: ".", gitleaks_config: nil, strict: false, exclusions: nil) ⇒ ReleaseGate

Returns a new instance of ReleaseGate.

Parameters:

• repository_path (String) (defaults to: ".") —

  Path to git repository

• gitleaks_config (String, nil) (defaults to: nil) —

  Path to gitleaks config file

• strict (Boolean) (defaults to: false) —

  Fail on medium confidence matches too

• exclusions (Array<String>, nil) (defaults to: nil) —

  Glob patterns for files to exclude

# File 'lib/ace/git/secrets/organisms/release_gate.rb', line 18

def initialize(repository_path: ".", gitleaks_config: nil, strict: false, exclusions: nil)
  @scanner = Molecules::HistoryScanner.new(
    repository_path: repository_path,
    gitleaks_config: gitleaks_config,
    exclusions: exclusions
  )
  @strict_mode = strict
end

Instance Attribute Details

#scanner ⇒ Object (readonly)

Returns the value of attribute scanner.

# File 'lib/ace/git/secrets/organisms/release_gate.rb', line 12

def scanner
  @scanner
end

#strict_mode ⇒ Object (readonly)

Returns the value of attribute strict_mode.

# File 'lib/ace/git/secrets/organisms/release_gate.rb', line 12

def strict_mode
  @strict_mode
end

Instance Method Details

#check ⇒ Hash

Run pre-release security check

Returns:

• (Hash) —

  Result with :passed, :message, :report keys

# File 'lib/ace/git/secrets/organisms/release_gate.rb', line 29

def check
  min_confidence = strict_mode ? "medium" : "high"

  report = scanner.scan(min_confidence: min_confidence)

  if report.clean?
    {
      passed: true,
      exit_code: 0,
      message: "Pre-release security check: PASSED",
      summary: "No authentication tokens detected in Git history.",
      report: report
    }
  else
    {
      passed: false,
      exit_code: 1,
      message: "Pre-release security check: FAILED",
      summary: failure_summary(report),
      report: report,
      remediation: remediation_steps(report)
    }
  end
end

#format_result(result, format: "table") ⇒ String

Format result for CI output

Parameters:

• result (Hash) —

  Check result

• format (String) (defaults to: "table") —

  Output format (table, json)

Returns:

• (String)

# File 'lib/ace/git/secrets/organisms/release_gate.rb', line 58

def format_result(result, format: "table")
  case format
  when "json"
    require "json"
    JSON.pretty_generate({
      passed: result[:passed],
      message: result[:message],
      token_count: result[:report].token_count,
      tokens: result[:report].tokens.map { |t| t.to_h }
    })
  else
    format_table_result(result)
  end
end